Sun Solaris 'snoop(1M)' Utility Multiple Remote Vulnerabilities

The Solaris 'snoop1M' network utility is prone to multiple remote vulnerabilities, including: - Multiple stack-based buffer-overflow vulnerabilities - Multiple format-string vulnerabilities Exploiting these issues will allow attackers to execute arbitrary code with the privileges of the 'nobody'...

CVE-2003-1562

MODE C CVE-2003-1562 refers to a race condition in sshd/OpenSSH 3.6.1p2 and earlier, where with PermitRootLogin disabled and using PAM keyboard-interactive authentication, sshd does not insert a delay after a root password attempt. This timing discrepancy could enable remote attackers to infer wh...

Orca 2.0 (params.php) Remote File Inclusion Vulnerability

No description provided by source. Orca - Interactive Forum Script Remote File Inclusion Vulnerability Discovered by : Ciph3r MAIL : [email protected] SP tanx4: Iranian hacker & Kurdish security TEAM sp TANX2: milw0rm.com & google.com & sourceforge.net CMS download :...

orca-rfi.txt

Orca - Interactive Forum Script Remote File Inclusion Vulnerability Discovered by : Ciph3r MAIL : [email protected] SP tanx4: Iranian hacker & Kurdish security TEAM sp TANX2: milw0rm.com & google.com & sourceforge.net CMS download :...

Orca 2.0/2.0.2 (params.php) Remote File Inclusion Vulnerability

Exploit for unknown platform in category web applications =============================================================== Orca 2.0/2.0.2 params.php Remote File Inclusion Vulnerability =============================================================== Orca - Interactive Forum Script Remote File...

Orca 2.02.0.2 - params.php?gConf[dir][layouts] Remote File Inclusion

Orca 2.02.0.2 - params.php?gConfdirlayouts Remote File Inclusion Orca - Interactive Forum Script Remote File Inclusion Vulnerability Discovered by : Ciph3r MAIL : [email protected] SP tanx4: Iranian hacker & Kurdish security TEAM sp TANX2: milw0rm.com & google.com & sourceforge.net CMS...

Orca 2.0/2.0.2 - 'params.php?gConf[dir][layouts]' Remote File Inclusion

Orca - Interactive Forum Script Remote File Inclusion Vulnerability Discovered by : Ciph3r MAIL : [email protected] SP tanx4: Iranian hacker & Kurdish security TEAM sp TANX2: milw0rm.com & google.com & sourceforge.net CMS download :...

WordPress wpSS插件ss_id参数SQL注入漏洞

BUGTRAQ ID: 28894 wpSS是WordPress中所使用的电子表格插件，允许在WordPress博客中嵌入交互式的电子表格。 wpSS插件的wpSS/ssload.php文件中没有正确地过滤对ssid参数的数便用在了SQL查询中： ssload.php $id = $GET'ssid'; .... ssfunctions.php: function ssload $id, $plain=FALSE .... if $wpdb-query"SELECT FROM $tablename WHERE id='$id'" == 0...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in login.php in Omnistar Interactive OSI Affiliate allow remote attackers to inject arbitrary web script or HTML via the 1 login, 2 profile, 3 profile2, and 4 ref parameters...

CVE-2008-1850

Multiple cross-site scripting XSS vulnerabilities in login.php in Omnistar Interactive OSI Affiliate allow remote attackers to inject arbitrary web script or HTML via the 1 login, 2 profile, 3 profile2, and 4 ref parameters...

CVE-2008-1850

The CVE-2008-1850 entry describes multiple cross-site scripting (XSS) vulnerabilities in the login.php component of Omnistar Interactive OSI Affiliate. The underlying issue is improper handling of user-supplied parameters (login, profile, profile2, ref), allowing remote attackers to inject arbitr...

CVE-2008-1850

Multiple cross-site scripting XSS vulnerabilities in login.php in Omnistar Interactive OSI Affiliate allow remote attackers to inject arbitrary web script or HTML via the 1 login, 2 profile, 3 profile2, and 4 ref parameters...

Windows Command, Double Reverse TCP Connection (via Perl)

Creates an interactive shell via perl This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule CachedSize = 148 include Msf::Payload::Single include Msf::Sessions::CommandShellOptions def initializeinfo...

Cross site scripting

Cross-site scripting XSS vulnerability in Tor World Tor Search 1.1 and earlier, I-Navigator 4.0, Mobile Frontier 2.1 and earlier, Diary.cgi aka Quotes of the Day 1.5 and earlier, Tor News 1.21 and earlier, Simple BBS 1.3 and earlier, Interactive BBS 1.3 and earlier, Tor Board 1.1 and earlier,...

CVE-2008-0917

Cross-site scripting XSS vulnerability in Tor World Tor Search 1.1 and earlier, I-Navigator 4.0, Mobile Frontier 2.1 and earlier, Diary.cgi aka Quotes of the Day 1.5 and earlier, Tor News 1.21 and earlier, Simple BBS 1.3 and earlier, Interactive BBS 1.3 and earlier, Tor Board 1.1 and earlier,...

CVE-2008-0917

Cross-site scripting XSS vulnerability in Tor World Tor Search 1.1 and earlier, I-Navigator 4.0, Mobile Frontier 2.1 and earlier, Diary.cgi aka Quotes of the Day 1.5 and earlier, Tor News 1.21 and earlier, Simple BBS 1.3 and earlier, Interactive BBS 1.3 and earlier, Tor Board 1.1 and earlier,...

CVE-2008-0917

In the connected documents, CVE-2008-0917 is described as a cross-site scripting (XSS) vulnerability in multiple Tor World CGI scripts, including Tor Search 1.1 and earlier, I-Navigator 4.0, Mobile Frontier 2.1, Diary.cgi 1.5 and earlier, Tor News 1.21 and earlier, Simple BBS 1.3 and earlier, Int...

JVN#54593414 Cross-site scripting vulnerability in multiple Tor World CGI scripts

Tor World provides CGI scripts for implementing search engines, message boards, and other tools. Multiple Tor World CGI scripts contain a cross-site scripting vulnerability. Impact An arbitrary script can be executed on the user's web browser. Solution Update the Software Apply the latest update...

Design/Logic Flaw

The DOC.print function in the Adobe JavaScript API, as used by Adobe Acrobat and Reader before 8.1.2, allows remote attackers to configure silent non-interactive printing, and trigger the printing of an arbitrary number of copies of a document. NOTE: this issue might be subsumed by CVE-2008-0655...

CVE-2008-0667

The DOC.print function in the Adobe JavaScript API, as used by Adobe Acrobat and Reader before 8.1.2, allows remote attackers to configure silent non-interactive printing, and trigger the printing of an arbitrary number of copies of a document. NOTE: this issue might be subsumed by CVE-2008-0655...